A method for implementing cybersecurity risk management for network connectable devices is disclosed. The method involves device vulnerability and risk assessment, risk remediation, compromise detection and incident response. The vulnerability and risk assessment consider both technical and human factors. The method also includes using crowdsourcing methods, such as games and gamification, standalone or in combination with other technologies for inventory development, risk assessment and compromise detection. The risk remediation/mitigation and incident response include prioritized role and skill-based execution of security controls and incident responses, wherein security controls and incident responses can be selected from multiple options based on effectiveness and cost. The method further involves governance of the risk management process in an entity.